jonhohle 3 days ago

It’s probably too long-form and stream of consciousness, but a few weeks ago I looked at GameShark “codes”, what they look like when we have matching decompiled code, and whether we can decompile a GameShark-modded function. https://m.youtube.com/watch?v=h4398rWE1kg

Short answer is that no compiler would produce similar code and it’s probably a red flag that there’s odd dead code, jumps, or places where padding or nops are expected but there is code.

ROM hacks are more in depth, but often play the same tricks because they possibly need to fit into sections they shouldn’t exist in (say, code in BSS), encode instructions in a way that known compilers wouldn’t, or make long jumps to odd places.

immibis 3 days ago | parent [-]

No virus scanner understands how to run game console executables and could detect unusual code layout in ROMs, nor do they want to because those aren't viruses.

jonhohle 2 days ago | parent [-]

I’m not sure which ROM hacks were being flagged, but most consoles use CPUs that were also at one point used in computers or phones. Is it likely that a virus scanner is going to flag a MIPS binary (PS1, PS2, N64)? Probably not. But what’s the difference to a virus scanner whether an x86, PowerPC, or ARM binary is meant for a console, phone, or a computer?

Or more simply, it could be packed with a README that links back to a modding group that hosts stuff on a site with malware or other “hacker” tools.